Russia's Fancy Bear APT group is likely behind the malicious command and control domains found in LoJack agents, according to the Arbor Security Engineering & Response Team.
LoJack, a popular laptop recovery solution, “makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution,” researchers said, noting that while “the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads.” Because many antivirus programs don't flag the malware as a concern, it's largely able to do its dirty work without detection.
Often, the best way to get something is to simply ask for it. That’s probably what the Israeli government thought when it sent an email to several American researchers and firms who make so-called zero-days, tools that take advantage of vulnerabilities in software that are unknown to the company that makes the software.
Experts have obtained a copy of the letter, which more than half a dozen sources described as unsolicited and unusual in how blunt and direct it was. Experts confirmed that at least five American firms received the letter, and multiple sources told us it was sent to many more.
The flaw in question, CVE-2018-4878, is a use-after-free bug that Adobe patched on February 6, following reports that North Korean hackers had been exploiting the vulnerability in attacks aimed at South Korea.
The threat group, tracked as APT37, Reaper, Group123 and ScarCruft, has been expanding the scope and sophistication of its campaigns. After Adobe patched the security hole, which allows remote code execution, other malicious actors started looking into ways to exploit CVE-2018-4878. Morphisec said it spotted a campaign on February 22, which had been using a version of the exploit similar to the one developed by APT37.
Cryptojacking only really coalesced as a class of attack about six months ago, but already the approach has evolved and matured into a ubiquitous threat. Hacks that co-opt computing power for illicit cryptocurrency mining now target a diverse array of victims, from individual consumers to massive institutions—even industrial control systems.
But the latest victim isn't some faceless internet denizen or a Starbucks in Buenos Aires. It's Tesla. Researchers published findings on Tuesday that some of Tesla's Amazon Web Services cloud infrastructure was running mining malware in a far-reaching and well-hidden cryptojacking campaign.
India’s City Union Bank said on Sunday that “cyber criminals” had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.
The comments come after the small private lender on Saturday had disclosed it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China. Chief Executive Officer N. Kamakodi called it a “conspiracy” involving multiple countries, and added the lender was still investigating how it had happened. “This is basically a cyber attack by international cyber criminals,” he said.
Hackers have hijacked the DNS server for BlackWallet, an online wallet application for the cryptocurrency Stellar Lumens (XLM), and drained users' accounts of hundreds of thousands of dollars. The attack reportedly took place on Saturday after hackers managed to hijack its DNS server, change the settings and redirect it towards their own third-party server.
"BlackWallet was compromised today after someone accessed my hosting provider account," the creator of BlackWallet said in a statement on Reddit. "He then changed the DNS settings to those of its fraudulent website (which was a copy of BlackWallet)."
When Stensul CEO Noah Dinkin visited a Starbucks in Buenos Aires recently, he probably didn’t expect to be served some sneaky cryptocurrency miner code along with his coffee. But thanks to the store’s internet provider, that’s exactly what he got.
“Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop?” Dinkin tweeted on December 2. “Feels a little off-brand.” Dinkin wrote that Bitcoin was the digital currency being mined, but CoinHive, the company that provided the code for the miner, only works with Monero, a competing coin.
Security researchers have discovered a new database floating around the dark web that contains a whopping 1.4 billion user names and password combinations in clear text.
While scouring the dark web for stolen, leaked or lost data, researchers at 4iQ found the 41GB file with an interactive, aggregate database dubbed the largest ever found in the dark web to date. The 1.4 billion records have been aggregated from various sources, earlier data breaches and credential lists. A portion of the unencrypted passwords have been tested by the researchers and were verified to be true.
The contents of a digital wallet belonging to cryptocurrency company NiceHash, which included potentially millions of dollars worth of customers' bitcoin, were stolen in a major security breach early Wednesday. The hack affected NiceHash's payment system, and the entire contents of the company's bitcoin wallet were stolen.
"Clearly, this is a matter of deep concern, and we are working hard to rectify the matter in the coming days," NiceHash said in a Facebook post. "In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement, and we are cooperating with them as a matter of urgency."
Uber disclosed Tuesday that hackers had stolen 57 million driver and rider accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom.
The deal was arranged by the company’s chief security officer and under the watch of the former chief executive, Travis Kalanick, according to several current and former employees who spoke on the condition of anonymity because the details were private. The security officer, Joe Sullivan, has been fired. Mr. Kalanick was forced out in June, although he remains on Uber’s board. The two hackers stole data about the company’s riders and drivers.